I've been evaluating web application scanners for my company to invest in and was wondering which of these two you guys have experience with and recommend. I know there are open source tools that are just as good or better and discovering vulns, but I'm also interested in their reporting and compliance (FISMA) features.
I've tested out both of them (full evaluation license) against a test site and they both still miss a few vulnerabilities that I know are there. I'm leaning toward AppScan because I like the interface better and find it easier to get around in, but am open to suggestions.
Open source tools will still be a part of my toolkit - there's no doubt about that - but the company also wants to have an established "professional" scanner in place. I'm sure the rest of you are like me and don't like a scanner taking all the fun out of web app testing, but at least I'll still get to do manual testing after initial scans.
Thanks for your input.